Notice ID: DISA-RFI-25-R-CBII
DISA seeks information on a managed service that can deploy a Cloud-Based Internet Isolation (CBII) solution that handles non-mission essential, commercial web traffic and browsing sessions for 3.4 to 3.6 million Non-classified Internet Protocol Router Network (NIPRNET) DoD users in a secured, cloud environment.
CBII services will reduce the bandwidth and cybersecurity risks associated with utilizing the internet browser on the Department of Defense Information Networks (DODIN). CBII will secure the Department’s data and networks by taking an end users’ (i.e., non-.mil/non-.gov) internet browsing off the endpoint (i.e., DoDIN) and isolating it within a cloud environment.
The proposed solution must include technologies that can detect the nature of Malicious Cyber Activity (MAC) and attacks, provide immediate, automated threat mitigations in real time against these threats, and capture threat analytics that can be reviewed by cyber protection teams.
Capabilities within the CBII platform will include but are not limited to destination-based whitelisting and blacklisting, web content filtering, site categorization and risk assessment, malware scanning and sandboxing, data loss prevention and web isolation within a secured container. The CBII solution must be deployed to an unclassified Cloud Service Offering (CSO) that enables DoD to isolate Internet traffic, mitigate threats, and free up the bandwidth capacity, by redirecting internet browsing from the end user’s desktop into a remote cloud-based server. The NIPRNet CSO shall meet all FedRAMP+ Level 2 (Non-Controlled Unclassified Information) distinguishing requirements and characteristics.
- System-wide Web Browsing
- The system needs to provide the ability to send either all or a configurable portion of user Internet activity at the browser to a Cloud-based vendor solution external to the DoDIN.
- The system needs to isolate all Internet code execution in the Vendors accredited cloud environment.
- The system needs to isolate each users’ session and be configured to block access to malicious and or suspicious websites …
- Cybersecurity Capabilities.
- The solution needs to provide a capability to detect, prevent, respond, and report malicious code injection from the CBII Environment to the DoDIN, to include deterring propagation of malware within the DoDIN.
- The solution needs to provide a capability that detects and responds to anomalous network behavior through signatures or advanced analytic techniques affecting the CBII Environment.
- The solution needs to provide a capability that detects, prevents, responds to, and reports single and multiple node denial of service (DOS) attacks from the CBII Environment to the DoDIN …
Not Yet a Premium Partner/Sponsor? Learn more about the OS AI Premium Corporate and Individual Plans here. Plans start at $250 annually.